Connected coverage needed for internet of things

Posted On: Nov. 14, 2016 12:00 AM CST

Judy Greenwald

There is increasing interest in coverage for bodily injury and property damage caused by cyber-related risk, which is likely to evolve into blended policies that combine elements of both cyber and more traditional property/casualty coverages.

The term “internet of things” is generally used when referring to everyday consumer items that can use networks to send and receive data, and is often referred to from a products liability perspective. This cyber security issue also more widely applies to the danger of, for instance, breaches of the electric grid.

A recent example was an October cyber attack, in which internet-connected devices were used to render dozens of major websites unavailable. The Department of Homeland Security said it is aware of one type of malware potentially used in the incident, called Mirai, which compromises internet of things devices such as surveillance cameras and entertainment systems.

The department said in a statement last month that its National Cybersecurity and Communications Integration center is working with law enforcement, the private sector and the research community to develop ways to mitigate risks from Mirai and other malware.

Cyber security is “a rising concern as more and more products move to an online environment,” said Gamelah Palagonia, senior vice president for the cyber and errors and omissions team for Willis Towers Watson P.L.C. in New York. “There needs to be a blending of the policy forms for the kind of losses than can be expected in the future.”

In July, American International Group Inc. introduced CyberEdge Plus, a stand-alone policy designed to provide primary insurance protection for a broad range of cyber risks including property damage, bodily injury, business interruption and product liability.

Experts predict an increasing emphasis on this issue.

“The good news is, the market is starting to appreciate these areas of risk and is starting to step up to address them,” including with difference-in-conditions coverage, said Ben Beeson, Washington-based cyber risk practice leader at Lockton Cos. L.L.C.

Insurers are also adding insuring agreements to cyber insurance policies that will cover property damage and bodily injury, he said.

“We need to come up with a creative hybrid” that provides coverage for property damage and bodily injury, said Dena Cusick, Charlotte, North Carolinabased national technology, privacy and network risk practice adviser at Wells Fargo Insurance Services USA Inc.’s professional risk practice. “It’s still a work in progress.”

“We need to build cyber-specific solutions where we’re combining traditional cyber coverages with traditional property/casualty coverage, where we’re coming up with a single perils solution” where the peril is a cyber attack, said Zach Scheublein, New York-based based vice president with Aon Risk Solutions’ financial services group.

It is going to “take little bit of time to see the evolution of this particular risk transfer solution,” said Mr. Scheublein. Traditional property underwriters and traditional cyber underwriters all have their own underwriting appetites “and it’s a matter of getting those two silos cooperating and coming up with better solutions in the marketplace,” he said.

Experts say policyholders and their brokers must ensure there is no gap between their cyber and property or general liability coverages that leaves businesses without coverage.

If there is a gap, it becomes a question of convincing the general liability underwriter to modify the policy’s language so there is coverage, or looking at the cyber policy to see if coverage can be provided, said Adam Cottini, managing director of insurance and risk management in North America at Arthur J. Gallagher & Co. in New York. The situation is fluid “and there’s no consistency at the moment,” he said.

However, Steve Bridges, senior vice president of JLT Specialty Insurance Services Inc. in Chicago, said the more common problem is that the risk is covered twice, with slightly different terms such as cyber having a shorter waiting period for coverage to kick in and a different retention than the property policy. The challenge is selecting the policy that works best for a particular situation, Mr. Bridges said.

Meanwhile, Ms. Palagonia said not enough thought is being given to the threat a cyber event could pose to the electric grid. “Frankly, it’s very scary,” she said.